201 matches found
CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified...
Default configuration
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE...
CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified...
CVE-2023-45613
The CVE-2023-45613 entry concerns JetBrains Ktor prior to 2.3.5 where server certificates are not verified, creating a trust-management vulnerability. The Red Hat/EUVD/OSV/etc. entries and PT-2023-29593 describe the issue consistently as a failure to validate server certificates in Ktor versions ...
CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified...
CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified...
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE...
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE...
CVE-2023-45612
CVE-2023-45612 affects JetBrains Ktor with the ContentNegotiation XML format enabled in versions before 2.3.5. The root cause is an insecure default XML configuration that allows external entity processing, enabling XXE. Exploitation can lead to file disclosure (e.g., reading server files) and SS...
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE...
JetBrains Ktor Trust Management Issues Vulnerability
The JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A trust management issue vulnerability exists in JetBrains Ktor versions prior to 2.3.5, which stems from a failure to validate server certificates, resulting in a trust management issue vulnerability...
JetBrains Ktor Code Issue Vulnerability
JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A code issue vulnerability exists in JetBrains Ktor versions prior to 2.3.5 that stems from an XML External Entity Injection XXE vulnerability in the default configuration of ContentNegotiation...
PT-2023-29593 · Jetbrains · Jetbrains Ktor
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.5 Description: The issue concerns the verification of server certificates. In affected versions, server certificates were not verified. Recommendations: For versions prior to 2.3.5, update to version 2.3.5...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
Authentication flaw
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
CVE-2023-34339
CVE-2023-34339 affects JetBrains Ktor prior to 2.3.1. The issue is that headers containing authentication data could be added to exception messages, enabling potential exposure of sensitive information. Multiple connected sources (Red Hat, Veracode, CVE lists) confirm the same impact and scope. T...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
PT-2023-24824 · Jetbrains · Jetbrains Ktor
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.1 Description: The issue allows headers containing authentication data to be added to the exception's message. This could potentially expose sensitive information. Recommendations: For versions prior to...